Keeping integrated data safe

Print

The ABS protects your privacy and is committed to keeping your information safe and secure. We have a strong data protection culture and extensive experience in keeping data secure as Australia’s national statistical organisation and as an Accredited Integrating Authority.

The ABS enforces a robust framework of protections that work together to protect your privacy, strengthen the security of your data, and meet legislative requirements.

These include: 

  • Legislative protections
  • Privacy protections
  • Policies and standards
  • Safe data handling practices

Legislative protections

We handle your personal information with utmost care to meet our legislative requirements and public expectations.

We adhere to the Privacy Act 1988 and to the Australian Privacy Principles (APPs), which govern how we collect and use personal information.

The ABS Privacy Policy sets out the personal information handling practices of the ABS. Additionally, the PLIDA Privacy Policy outlines the specific practices for PLIDA.

We are also bound by the secrecy requirements of the Census and Statistics Act 1905, which ensures that information collected for a statistical purpose cannot be released in a manner that is likely to enable the identification of any person or business.

Privacy protections

In addition to the Privacy Act 1988 and APPs, the Australian Government Agencies Privacy Code sets out specific requirements and key practical steps that requires agencies to move toward a best practice approach to privacy governance to help build a consistent, high standard of personal information management across all Australian Government agencies.

Privacy-by-design

We take a privacy-by-design approach in order to manage risks. This means that we assess privacy risks at every stage of data integration - project initiation and approval, the acquisition and linking of data, and access to and analysis of data.

Privacy Impact Assessments

A Privacy Impact Assessment (PIA) is a systematic assessment that helps us identify and manage the privacy impacts of a data integration project. The ABS Privacy Impact Assessments webpage contains a list of PIAs that have been conducted for ABS projects, including PLIDA. Privacy threshold assessments are undertaken for all data integration projects, and a full PIA will be conducted as required in accordance with the Office of the Australian Information Commissioner (OAIC) guide to undertaking a PIA.

Policies and standards

High Level Principles for Data Integration

All of our data integration activities are conducted in line with the seven High Level Principles for Data Integration, which are the established protocols for the safe and secure integration of Commonwealth data for research and statistical purposes.

Our data integration projects:

  • only occur where they provide significant benefit to the public;
  • are only conducted for statistical and research purposes (not for compliance, monitoring or enforcement purposes);
  • must minimise any potential impact on privacy and confidentiality; and
  • are transparent – the datasets involved and research purposes are listed on the ABS website.

Government security standards

The ABS adheres to Australian Government standards for information, personnel, and physical security. Our data integration systems and processes conform to the IT security arrangements set out in the Information Security Manual, which is part of the Australian Government's Protective Security Policy Framework.

Data breaches

A data breach occurs when personal information that is held by an organisation is lost or subjected to unauthorised access or disclosure. In the unlikely event of a data breach, the ABS will respond in accordance with the Notifiable Data Breaches Scheme.

Safe data handling

The Separation Principle and Functional Separation

The ABS collects two types of information for use in data integration projects:

  • Linkage information – which usually includes personal identifiers such as name, address and date of birth, or other identifiers like Australian Business Numbers. This information is only used to enable datasets to be linked; it is not used for analytical purposes
  • Analytical information – which includes variables of interest for analysis, such as occupation, income and health services use, or business type and industry. Analytical information is primarily used for analysis but may also be used to help with linking datasets

The Separation Principle is applied when we undertake data integration activities. This means personal identifiers are stored separately from other information, and no one can view both personal identifiers and analytical information at the same time.

We adhere to the Separation Principle by implementing functional separation (or roles) in all data integration projects. This means that staff undertaking data linkage projects only have access to the information that they need to perform their assigned role - no one has access to the identifying details of an individual or business at the same time as other information about that individual or business.

  • Librarian: Prepares the data for linkage
  • Linker: Finds links between datasets
  • Assembler: Creates files for analysis
  • Analyst: Analyses the linked information

Five Safes Framework

The Fives Safes Framework takes a multi-dimensional approach to managing disclosure risk by accounting for each independent but related aspect of disclosure risk. The framework poses specific questions to help assess and describe each risk aspect in a qualitative way. This allows data custodians to place appropriate controls on the manner in which data are accessed.

Further information

ABS Privacy Policies provides more about how we protect your privacy.

Census Privacy Policy and Privacy, Confidentiality and Security outlines the measures in place for protecting Census information, including how names are encoded to protect your identity and specific commitments about retention of Census information.